
Pegasus a black hole, no way to escape attack: Cyber experts

Tek Berry News


 Cyber expert Sandeep Shukla, in a conversation with The Quint, has described the Pegasus software of the Israeli company NSO Group as a 'big black hole'.  Shukla says that the software is almost "impossible" to crack as "the company constantly changes the modus operandi of attacks on mobile phones".

 Shukla is Professor of Computer Science and Engineering at IIT Kanpur.  He also runs a cyber security lab funded by the government.

 French organizations Forbidden Stories and Amnesty International have together revealed that the spyware Pegasus is being used by governments around the world to spy on journalists, lawmakers, politicians and even relatives of politicians.  This investigation has been named 'Pegasus Project'.

 In 2019, WhatsApp accused NSO of using its spyware Pegasus to target 1400 WhatsApp users worldwide in May 2019.  These people included many human rights activists, lawyers and activists from India.  The 121 Indian citizens who were monitored include people like Bhima Koregaon case lawyer Nihal Singh Rathod, Elgar Parishad case accused Anand Teltumbde, Bastar human rights lawyer Bela Bhatia, and activist Sudha Bharadwaj's lawyer Shalini Gera.

 WhatsApp claimed that it has fixed the flaw in its software.  Pegasus was inserted through a missed WhatsApp video call.

 The Quint spoke to Sandeep Shukla to learn how the Pegasus spyware operates and what methods can be adopted to protect a mobile phone from it.

 How does Pegasus get into mobile phones?

 Before 2019, Pegasus used to take the missed WhatsApp video call route to get into the phone.  But now WhatsApp has removed this software problem.

 But now it has been learned that Pegasus is using Apple's messaging application iMessage.  Pegasus spyware is embedded in a well written message.  The phone user will not even have to click on this message and this spyware will be activated automatically.  Even if the victim deletes the message, Pegasus will still be able to infect the phone.  It seems that iMessage also has the same bug that WhatsApp had earlier.

 Does Pegasus change the way it attacks mobile phones?

 Yes, iMessage is one of these few ways.  Most of the methods involve 'zero-click' technology, in which the aggrieved user does not even have to click on the message.  Zero-click attacks have been seen since 2019.  Recently they have been seen on iPhones.

 You run a cyber security lab.  Have you tested any Pegasus infected phone?

 We have not tested any such phone in our lab.  Here I would like to say that I or any other cyber expert can only find out whether malware has been inserted in the phone or not.  But it will be difficult to say with certainty that the malware was put in by Pegasus, because the NSO Group keeps changing its attack methods.  So far, only Citizen Lab has conducted forensic tests on some Pegasus-infected phones, on the basis of which the modus operandi has been described.


 How does NSO Group change attack methods?

 There has been a huge market for finding flaws in gadget applications since the 90s.  Everyone from governments to security agencies is interested in this.  These are called 'zero-day vulnerability' markets.  A 'zero-day vulnerability' is a software problem that the software vendor is not aware of.  So some very smart cyber experts who work to find flaws in applications sell their information further for millions of dollars.

 If the flaw in an application is so significant that it can be misused without the victim touching the gadget, then such information can be bought by companies like NSO Group.  NSO can buy this information or create new surveillance technology.  In this way it makes sure that Pegasus keeps changing and the methods of attack are also updated.


 Can an antivirus detect malware from Pegasus?

 Any antivirus software can detect malware that it already knows about.  Like in the Bhima Koregaon case, it seems that old malware named 'NetWire' was inserted in the laptops of the accused.  So McAfee caught it.

 But in the case of Pegasus, it is possible that the company has written a brand new malware about which no antivirus is aware.  So it is difficult to trace it.  I hope many forensic labs are figuring out how to detect Pegasus.

 But then no one can stop Pegasus from writing new malware.  I have come to know that the company keeps checking if any antivirus is able to catch the malware.  If this happens, Pegasus updates the malware.  So this is an ongoing war.

 The NSO Group says that it only spies on terrorists and terrorist organizations.  What do you say?

 I think NSO Group should be taken to court for crimes against democracy and humanity.  The company is doing immoral work in the name of tracking terrorist organizations.  Terrorists will not use smartphones or permanent mobile phones.  They will use satellite phones or phones with more encryption for connectivity.

 Is there no way to escape from Pegasus?

 Right now it seems there is no solution.  A Pegasus attack can be avoided by using primitive or non-smart phones, as it is very difficult to insert malware into such phones.  The reason for this is the low storage capacity and few applications in these phones.

 There is no information about the Pegasus attack on primitive phones in the public domain.  But nothing can be taken as certain.


 Will there be an end to these attacks?

 I don't think so because Pegasus will keep updating its malware and ways to exploit flaws.  There may be a solution for a short time but a permanent solution is difficult.  Apart from this, due to the 'market' and 'demand' of such spyware, the business of companies like NSO will continue and they will invest crores in making new spyware.